AMENDMENTS TO THE CLAIMS 

This listing of claims will replace all prior versions, and listings, of claims 
in the application: 

Listing of Claims: 



1 1 . (Original) A computer controlled method comprising: 

2 establishing communication between a provisioning device 

3 and a network device over a preferred channel; 

4 exchanging key commitment information over said preferred channel 

5 between said provisioning device and said network device to pre- 

6 authenticate said network device; and 

7 providing provisioning information to said network device over said 

8 preferred channel, whereby said network device can automatically 

9 configure itself for communication over a network responsive to said 
1 0 provisioning information. 

1 2. (Original) The computer controlled method of claim 1 , wherein said 

2 provisioning information comprises network configuration information. 

1 3. (Original) The computer controlled method of claim 1, further comprising 

2 receiving a public key from said network device; 

3 verifying said public key with said key commitment information; and 

4 automatically provisioning said network device with a credential 

5 authorized by a credential issuing authority. 
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1 4. (Original) The computer controlled method of claim 3, further comprising 

2 establishing proof that said network device is in possession of a private 

3 key corresponding to said public key. 

1 5. (Original) The computer controlled method of claim 3, wherein said 

2 credential issuing authority is a certification authority and said credential is 

3 a public key certificate. 

1 6. (Original) The computer controlled method of claim 3, wherein the step of 

2 automatically provisioning is responsive to authorization from a 

3 registration agent. 

1 7. (Original) The computer controlled method of claim 1 , wherein said 

2 preferred channel is a location-limited channel. 

1 8. (Original) The computer controlled method of claim 1 , wherein said 

2 preferred channel has a demonstrative identification property and an 

3 authenticity property. 

1 9. (Original) The computer controlled method of claim 1 , wherein the 

2 network is a wireless network, and wherein said provisioning device is a 

3 wireless access point. 

1 10. (Original) The computer controlled method of claim 9, further comprising: 

2 receiving a wireless communication; 

3 determining whether said wireless communication originated from 

4 said network device or from a second network device that was not 

5 provisioned by said wireless access point; and 
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6 routing said wireless communication responsive to the step of 

7 determining. 



1 11. (Original) The computer controlled method of claim 10, wherein the step 

2 of routing comprises: 

3 choosing a selected channel from a secure channel and an insecure 

4 channel responsive to the step of determining; and 

5 sending said wireless communication through said selected channel. 

1 12. (Original) The computer controlled method of claim 1 , wherein said 

2 provisioning device is in communication with a credential issuing 

3 authority. 

1 13. (Original) A computer-readable storage medium storing instructions that 

2 when executed by a computer cause the computer to perform a method to 

3 provision a network device, the method comprising steps of: 

4 establishing communication between a provisioning device and said 

5 network 5 device over a preferred channel; 

6 exchanging key commitment information over said preferred channel 

7 between said provisioning device and said network device to pre- 

8 authenticate said network device; and 

9 providing provisioning information to said network device over said 

10 preferred channel, whereby said network device can automatically 

1 1 configure itself for communication over a network responsive to said 

12 provisioning information. 

1 14. (Original) The computer-readable storage medium of claim 13, further 

2 comprising 
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3 receiving a public key from said network device; 

4 verifying said public key with said key commitment information; and 

5 automatically provisioning said network device with a credential 

6 authorized by a credential issuing authority. 

1 15. (Original) The computer-readable storage medium of claim 1 3 , wherein 

2 the network is a wireless network, and wherein said provisioning device is 

3 a wireless access point. 

1 16. (Original) An apparatus for provisioning a network device comprising: 

2 at least one port configured to establish a preferred channel; 

3 a preferred communication mechanism configured to be able to 

4 establish communication with and said network device over said preferred 

5 channel; 

6 a pre-authentication mechanism configured to be able to receive key 

7 commitment information over said preferred channel from said network 

8 device; and 

9 a provisioning mechanism configured to be able to provide 

10 provisioning information to said network device over said preferred 

1 1 channel, whereby said network device can automatically configure itself 

12 for communication over a network responsive to said provisioning 

13 information. 

1 17. (Original) The apparatus of claim 16, wherein said provisioning 

2 information comprises network configuration information. 

1 18. (Original) The apparatus of claim 1 6, further comprising 

2 a key reception mechanism configured to receive a public key; 
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3 a key verification mechanism configured to verify said public key 

4 with said key commitment information; and 

5 a credential provisioning mechanism configured to automatically 

6 provide a credential authorized by a credential issuing authority. 

1 19. (Original) The apparatus of claim 1 8, further comprising a key exchange 

2 mechanism configured to be able to perform a key exchange protocol with said 

3 network device. 

1 20. (Original) The apparatus of claim 1 8, wherein said credential issuing 

2 authority is a certification authority and said credential is a public key 

3 certificate. 

1 21. (Original) The apparatus of claim 1 6, wherein said preferred channel is a 

2 location-limited channel. 

1 22. (Original) The apparatus of claim 16, wherein the network is a wireless 

2 network, and the apparatus further comprises a wireless access point 

3 mechanism. 

1 23. (Original) The apparatus of claim 22, further comprising: 

2 a packet receiver mechanism configured to receive a wireless 

3 communication; 

4 a determination mechanism configured to determine whether said 

5 wireless communication received by the packet receiver mechanism 

6 originated from said network device or from a second network device that 

7 was not provisioned by said wireless access point; and 

8 a router mechanism configured to route said wireless communication 
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9 responsive to the determination mechanism. 

1 24. (Original) The apparatus of claim 23, wherein the router mechanism 

2 further comprises: 

3 a channel selection mechanism configured to choose a selected 

4 channel from a secure channel and an insecure channel responsive to the 

5 determination mechanism; and 

6 a transmission mechanism configured to send said wireless 

7 communication through said selected channel. 

1 25. (Original) The apparatus of claim 16, further comprising a non-preferred 

2 communication mechanism that can be used to communicate with a 

3 credential issuing authority. 



26-66 (Canceled) 
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